[jira] [Commented] (HDFS-3983) Hftp should support both SPNEGO and KSSL
[
https://issues.apache.org/jira/browse/HDFS-3983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13465083#comment-13465083
]
Eli Collins commented on HDFS-3983:
---
Yes, it's already broken in trunk. HDFS-3699 tracks fixing this, and once
that's in we'll still need to use the https port right? I'm removing the use of
the https port entirely here, which we won't want to do. How about a smaller
fix in the meantime that just defaults to the http port and we can make it use
the https port per HDFS-3461 once HDFS-3699 is in?
> Hftp should support both SPNEGO and KSSL
>
>
> Key: HDFS-3983
> URL: https://issues.apache.org/jira/browse/HDFS-3983
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: security
>Affects Versions: 2.0.0-alpha
>Reporter: Eli Collins
>Assignee: Eli Collins
> Attachments: hdfs-3983.txt, hdfs-3983.txt
>
>
> Hftp currently doesn't work against a secure cluster unless you configure
> {{dfs.https.port}} to be the http port, otherwise the client can't fetch
> tokens:
> {noformat}
> $ hadoop fs -ls hftp://c1225.hal.cloudera.com:50070/
> 12/09/26 18:02:00 INFO fs.FileSystem: Couldn't get a delegation token from
> http://c1225.hal.cloudera.com:50470 using http.
> ls: Security enabled but user not authenticated by filter
> {noformat}
> This is due to Hftp still using the https port. Post HDFS-2617 it should use
> the regular http port. Hsftp should still use the secure port, however now
> that we have HADOOP-8581 it's worth considering removing Hsftp entirely. I'll
> start a separate thread about that.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-3983) Hftp should support both SPNEGO and KSSL
[
https://issues.apache.org/jira/browse/HDFS-3983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13465085#comment-13465085
]
Alejandro Abdelnur commented on HDFS-3983:
--
IMO we should use a different scheme (via a new FileSystem client), i.e.
*webhdfss* for the following reasons:
* The URLs themselves will indicate if the resource is served over a secure
transport or not.
* A client may need to communicate with both webhdfs:// and webhdfss://
endpoints, thus a client config will not cut it.
> Hftp should support both SPNEGO and KSSL
>
>
> Key: HDFS-3983
> URL: https://issues.apache.org/jira/browse/HDFS-3983
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: security
>Affects Versions: 2.0.0-alpha
>Reporter: Eli Collins
>Assignee: Eli Collins
> Attachments: hdfs-3983.txt, hdfs-3983.txt
>
>
> Hftp currently doesn't work against a secure cluster unless you configure
> {{dfs.https.port}} to be the http port, otherwise the client can't fetch
> tokens:
> {noformat}
> $ hadoop fs -ls hftp://c1225.hal.cloudera.com:50070/
> 12/09/26 18:02:00 INFO fs.FileSystem: Couldn't get a delegation token from
> http://c1225.hal.cloudera.com:50470 using http.
> ls: Security enabled but user not authenticated by filter
> {noformat}
> This is due to Hftp still using the https port. Post HDFS-2617 it should use
> the regular http port. Hsftp should still use the secure port, however now
> that we have HADOOP-8581 it's worth considering removing Hsftp entirely. I'll
> start a separate thread about that.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-3983) Hftp should support both SPNEGO and KSSL
[
https://issues.apache.org/jira/browse/HDFS-3983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13753103#comment-13753103
]
Suresh Srinivas commented on HDFS-3983:
---
I have marked this as blocker for 2.1.1-beta.
> Hftp should support both SPNEGO and KSSL
>
>
> Key: HDFS-3983
> URL: https://issues.apache.org/jira/browse/HDFS-3983
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: security
>Affects Versions: 2.0.0-alpha
>Reporter: Eli Collins
>Assignee: Eli Collins
>Priority: Blocker
> Attachments: hdfs-3983.txt, hdfs-3983.txt
>
>
> Hftp currently doesn't work against a secure cluster unless you configure
> {{dfs.https.port}} to be the http port, otherwise the client can't fetch
> tokens:
> {noformat}
> $ hadoop fs -ls hftp://c1225.hal.cloudera.com:50070/
> 12/09/26 18:02:00 INFO fs.FileSystem: Couldn't get a delegation token from
> http://c1225.hal.cloudera.com:50470 using http.
> ls: Security enabled but user not authenticated by filter
> {noformat}
> This is due to Hftp still using the https port. Post HDFS-2617 it should use
> the regular http port. Hsftp should still use the secure port, however now
> that we have HADOOP-8581 it's worth considering removing Hsftp entirely. I'll
> start a separate thread about that.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-3983) Hftp should support both SPNEGO and KSSL
[
https://issues.apache.org/jira/browse/HDFS-3983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13768351#comment-13768351
]
Arun C Murthy commented on HDFS-3983:
-
Any update on this? Is this ready to go? Thanks.
> Hftp should support both SPNEGO and KSSL
>
>
> Key: HDFS-3983
> URL: https://issues.apache.org/jira/browse/HDFS-3983
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: security
>Affects Versions: 2.0.0-alpha
>Reporter: Eli Collins
>Assignee: Eli Collins
>Priority: Blocker
> Attachments: hdfs-3983.txt, hdfs-3983.txt
>
>
> Hftp currently doesn't work against a secure cluster unless you configure
> {{dfs.https.port}} to be the http port, otherwise the client can't fetch
> tokens:
> {noformat}
> $ hadoop fs -ls hftp://c1225.hal.cloudera.com:50070/
> 12/09/26 18:02:00 INFO fs.FileSystem: Couldn't get a delegation token from
> http://c1225.hal.cloudera.com:50470 using http.
> ls: Security enabled but user not authenticated by filter
> {noformat}
> This is due to Hftp still using the https port. Post HDFS-2617 it should use
> the regular http port. Hsftp should still use the secure port, however now
> that we have HADOOP-8581 it's worth considering removing Hsftp entirely. I'll
> start a separate thread about that.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-3983) Hftp should support both SPNEGO and KSSL
[
https://issues.apache.org/jira/browse/HDFS-3983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13768432#comment-13768432
]
Suresh Srinivas commented on HDFS-3983:
---
I will not be able to fix this in 2.1.1-beta timeframe. Will mark this as
blocker for the GA release.
> Hftp should support both SPNEGO and KSSL
>
>
> Key: HDFS-3983
> URL: https://issues.apache.org/jira/browse/HDFS-3983
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: security
>Affects Versions: 2.0.0-alpha
>Reporter: Eli Collins
>Assignee: Eli Collins
>Priority: Blocker
> Attachments: hdfs-3983.txt, hdfs-3983.txt
>
>
> Hftp currently doesn't work against a secure cluster unless you configure
> {{dfs.https.port}} to be the http port, otherwise the client can't fetch
> tokens:
> {noformat}
> $ hadoop fs -ls hftp://c1225.hal.cloudera.com:50070/
> 12/09/26 18:02:00 INFO fs.FileSystem: Couldn't get a delegation token from
> http://c1225.hal.cloudera.com:50470 using http.
> ls: Security enabled but user not authenticated by filter
> {noformat}
> This is due to Hftp still using the https port. Post HDFS-2617 it should use
> the regular http port. Hsftp should still use the secure port, however now
> that we have HADOOP-8581 it's worth considering removing Hsftp entirely. I'll
> start a separate thread about that.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-3983) Hftp should support both SPNEGO and KSSL
[
https://issues.apache.org/jira/browse/HDFS-3983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13779145#comment-13779145
]
Arpit Agarwal commented on HDFS-3983:
-
Is this a dup of HDFS-3699? If so we can resolve one of the two.
> Hftp should support both SPNEGO and KSSL
>
>
> Key: HDFS-3983
> URL: https://issues.apache.org/jira/browse/HDFS-3983
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: security
>Affects Versions: 2.0.0-alpha
>Reporter: Eli Collins
>Assignee: Eli Collins
>Priority: Blocker
> Attachments: hdfs-3983.txt, hdfs-3983.txt
>
>
> Hftp currently doesn't work against a secure cluster unless you configure
> {{dfs.https.port}} to be the http port, otherwise the client can't fetch
> tokens:
> {noformat}
> $ hadoop fs -ls hftp://c1225.hal.cloudera.com:50070/
> 12/09/26 18:02:00 INFO fs.FileSystem: Couldn't get a delegation token from
> http://c1225.hal.cloudera.com:50470 using http.
> ls: Security enabled but user not authenticated by filter
> {noformat}
> This is due to Hftp still using the https port. Post HDFS-2617 it should use
> the regular http port. Hsftp should still use the secure port, however now
> that we have HADOOP-8581 it's worth considering removing Hsftp entirely. I'll
> start a separate thread about that.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
